Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
8221	2023-09-26 19:46	amday.exe 2421112335f8c112d36630dc0e0be4e2 Amadey Admin Tool (Sysinternals etc ...) UPX Malicious Library Http API HTTP Code injection Internet API AntiDebug AntiVM PE File PE32 .NET EXE GIF Format Lnk Format DLL OS Processor Check Malware download Amadey VirusTotal Malware Buffer PE AutoRuns PDB Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself AppData folder Windows ComputerName DNS Cryptographic key	1 Keyword trend analysis	1	2	1	13.4	M	53	ZeroCERT

8222	2023-09-26 19:44	amday.exe 010a01d7d42e46870c9b44781256dcc8 Amadey Downloader Admin Tool (Sysinternals etc ...) UPX MPRESS Create Service Socket P2P DGA Steal credential Http API Escalate priviledges PWS Hijack Network Sniff Audio HTTP DNS ScreenShot Code injection Internet API persistence FTP KeyLogger AntiDebug Malware download Amadey VirusTotal Malware AutoRuns PDB suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files unpack itself Windows utilities Checks Bios Detects VirtualBox Detects VMWare suspicious process malicious URLs WriteConsoleW VMware anti-virtualization Windows ComputerName Firmware DNS crashed	2 Keyword trend analysis	3	5	1	18.4	M	56	ZeroCERT

8223	2023-09-26 18:56	pass1234.7z 0659cc0732eb954c5d74671266a0cbff PrivateLoader Stealc Escalate priviledges PWS KeyLogger AntiDebug AntiVM RedLine Malware download Dridex Malware c&c Microsoft Telegram suspicious privilege Malicious Traffic Check memory Checks debugger Creates executable files ICMP traffic unpack itself IP Check PrivateLoader Tofsee Stealc Stealer Windows RisePro Trojan DNS Downloader	58 Keyword trend analysis Info http://hugersi.com/dl/6523.exe - rule_id: 32660 http://171.22.28.208/download/WWW14_64.exe - rule_id: 36692 http://116.202.182.4/be957cbbdc7ee5ad3ee6c696b5eb3079 http://ji.alie3ksgbb.com/m/esgla2i5.exe - rule_id: 36693 http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911 http://christopherantonio.top/calc2.exe - rule_id: 36694 http://colisumy.com/dl/build2.exe - rule_id: 31026 http://45.9.74.80/super.exe - rule_id: 36063 http://45.15.156.229/api/tracemap.php - rule_id: 33783 http://194.169.175.232/autorun.exe - rule_id: 36817 http://fc.ftimedica.com/netTime.exe - rule_id: 36695 http://45.15.156.229/api/firegate.php - rule_id: 36052 http://zexeq.com/files/1/build3.exe - rule_id: 27913 http://94.142.138.113/api/tracemap.php - rule_id: 28877 http://94.142.138.131/api/firegate.php - rule_id: 32650 http://bryanzachary.top/e9c345fc99a4e67e.php - rule_id: 36633 http://45.9.74.80/harbar.exe - rule_id: 36698 http://171.22.28.222/3.exe - rule_id: 36819 http://94.142.138.131/api/tracemap.php - rule_id: 28311 http://193.42.32.118/api/tracemap.php - rule_id: 36180 http://171.22.28.208/download/Services.exe - rule_id: 36699 http://116.202.182.4/temp.zip http://94.142.138.113/api/firegate.php - rule_id: 36152 http://77.91.68.239/wase/zor40.exe - rule_id: 36821 http://193.42.32.118/api/firecom.php - rule_id: 36700 http://apps.identrust.com/roots/dstrootcax3.p7c http://www.maxmind.com/geoip/v2.1/city/me https://sun6-20.userapi.com/c909518/u52355237/docs/d44/20c819f61cba/CentralSoftware_columbia.bmp?extra=2z59PDPmWyF33-Y3HVtg4UNIB9XZRIBYjaoXixGTmJhs0vykgtz_HqPaJuAkl80JHCvdVohqZQQb_5LblgGv5FX7qsOsY2b6FeER5xK9SzBGAgvnNdKJsSf5OCGKe3S-tNGSCGr2NH_B9z-W https://db-ip.com/demo/home.php?s=175.208.134.152 https://neuralshit.net/eeed4296d2fb5d72428fc1a3ce52cf3c/7725eaa6592c80f8124e769b4e8a07f7.exe https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/3844DBB920174967BE7AA4A2C20430FA2/ntkrnlmp.pdb https://sun6-22.userapi.com/c909218/u52355237/docs/d17/091a42571517/red.bmp?extra=r0z9CjMNxE2mTTnriB2Bls4-TFr7B9FsQoT4UZYG_oNzuXzUtv3RX4iAbOL-iiKeB3ZH5QUeDZ3Mklvmjdo2u5ak1x74qY4JfHK7XbfI2YoYjK99ckLM9OdahE0SAJO4bYCCykmbmIWlU4gy https://sun6-20.userapi.com/c909418/u52355237/docs/d17/ec04e567424b/asca1ex.bmp?extra=1zqanOmyutlilek-_q6cC_1cYmH1bUO7GQl1d8YAjaNA_BlFIBPmGkVn0QEKdtLIuvi1t5Z3aWN-xrEVkkJ47O-ZTgxHv7NZJfoSmD-PNK6mHLUIaWg-KFIAybQlaBZAG7KPs2kaRojEGIxN https://preconcert.pw/setup294.exe - rule_id: 36162 https://sun6-21.userapi.com/c909628/u52355237/docs/d4/37d6f4587d66/PL_Client.bmp?extra=vFMQkGcQMwhGLxqeCw8WRQSuoGuWHjsDHSfVKHvUEbGxaHZHmO5iAQFSBp2L5NLrYkZ_AtqhM2YOVaGX2f0_wtY_BZ3VWc9KFKQuxfvtqSHhusBJKgdI5UvKmjUWJxxJXzqm0QdIS0nTGZ1n https://api.myip.com/ https://msdl.microsoft.com/download/symbols/index2.txt https://msdl.microsoft.com/download/symbols/winload_prod.pdb/768283CA443847FB8822F9DB1F36ECC51/winload_prod.pdb https://sun6-22.userapi.com/c909618/u52355237/docs/d14/43483f8e9e63/1.bmp?extra=FWq8V3k1Hz72g7woqgW-ECmfx08Tdv-3fIKVc-MRW_EuzKQUkzHfUeAOUMH9_6nwXT0f2x9SDjp_NXbS4Wf7-pJYgUT2PdrX6FiegVwiG7z32gNCSDEy0gKXFu89EqN4IgcKmAHgEFcI1HtC https://vk.com/doc52355237_666188067?hash=r1Na54ZxAjG4KOFDeXqZX17ZBZPd5xxdBOOWsDvp5TX&dl=EOYAxqrIN0WwY7MTgf0eTj1ZJVCjuUa0FY3feLNyZEc&api=1&no_preview=1#r1 https://sun6-23.userapi.com/c909518/u52355237/docs/d47/4014f55379cc/328dj2afg.bmp?extra=6Bfk2S3_2r_dLgL2d1veTA6iWp8zHghRwz8T39MA75jwIQkx7SQ2Kb5Os5asEZ5ovsoE6oU4lNEMvw2FO23gbybbkk_0UkVG0tGBRn9mfWIZIgPGHxXgK1hlxG-I88Eyx3SGb35FLUXbqH4y https://dzen.ru/?yredirect=true https://vk.com/doc52355237_666188111?hash=YqLzqNwMEhOj6RajDlBD8aSukAbtANjBlscGdKtOeCs&dl=YMPwrHQ0CXQv8XaS05FhamCh9yBGbI8LEjrOzNGGJwg&api=1&no_preview=1#test22 https://vk.com/doc52355237_666181938?hash=qWMdOCbpzj2Wb6MYMI1Ka3xNmUOJ6pLxfkyOLYrGUSk&dl=PhPb48gjucqZZtWBFDR0mODlEKUHEtoOiZ9xMEZxbHg&api=1&no_preview=1 https://psv4.userapi.com/c237131/u52355237/docs/d52/bf8b871d118f/test22009.bmp?extra=IRFzL4G7suwrIV0Ugi8zUAeP1MlvODiQlVXYjxHMhvkKBIdYJTwH7Zatcg0p48JkSW83s36cnoy4UaN835Tj-R9biD8rPEcG_EzMZTRnRbqOjrJ_DFUxwjw0OJKh_oZFH9LVVKL2m-i_N06I https://psv4.userapi.com/c909418/u52355237/docs/d13/e3d209ce52d6/r1.bmp?extra=6rMQn1lER0gAN0LeHdGbMtpLsASl0hxcxw0PNS4Ns-9w5ZZsVoV6CEda5eYHneh2egVcUbMF_l5k4S5e9matHidQ-bzog6g1kffX03n99WFVMUERlgXnEDITtS-XIETWFqeath2AK45S5F3b https://vk.com/doc52355237_666179848?hash=ufi1beFgQgH7IIPzqKDFfPMcAvFORPdbdFaKorxglho&dl=vV1Rp4EmQttS6tlOfur6tVZ5c57KYo2mHS3tnRpwwzL&api=1&no_preview=1 https://sun6-20.userapi.com/c909218/u52355237/docs/d16/b4420e8b98d2/crypted.bmp?extra=gxSaspk18kvxyAS8t5kShgsBui3RzUPyilX39KkDHHA5rGOw4rplKOptaOuee1y6ZIn9IW3E-glw0i0LGLC-edXmA_O5RdXV7ZI_Fez1fRuSioYIKGBFH_hmITuBT5tshPMf2MUCgeRdioym https://vsblobprodscussu5shard10.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/3361580E1DAA2301EF4C62D105FB67166BD89EA03FCDE3C800EACFAF71EE01C200.blob?sv=2019-07-07&sr=b&si=1&sig=D77M4Fhe8r8XZ4fUzqHEXLCAB0uZBlk6il1exOKrRqU%3D&spr=https&se=2023-09-27T10%3A12%3A02Z&rscl=x-e2eid-86da1ff9-acd34f6f-b5faa8c6-d6036f0b-session-6ab43958-baf54227-a0e7055f-b285683e https://sso.passport.yandex.ru/push?uuid=30f5dbd2-8234-4dc3-88ac-f235b4248d17&retpath=https%3A%2F%2Fdzen.ru%2F%3Fyredirect%3Dtrue https://steamcommunity.com/profiles/76561199555780195 https://vk.com/doc52355237_666155284?hash=ImdsfIi1GWolUBV61ckzTPwgq51ZCNzIz6Qz8GSqP7P&dl=7w4np6RfyRANUVCTVCTAKrQpLvvL9JdOzpG1MG3SxH0&api=1&no_preview=1#1 https://vk.com/doc52355237_666156612?hash=bdGeSBHlSAAvX3XfPztlcQ0ZUkIQphvENrPzwCPj5Z8&dl=4JArFWt8zA3vgc8EemxKOfFs2sIBVxYCiPB5IY6vf3o&api=1&no_preview=1#acotr https://api.db-ip.com/v2/p31e4d59ee6ad1a0b5cc80695a873e43a8fbca06/self https://vsblobprodscussu5shard58.blob.core.windows.net/b-4712e0edc5a240eabf23330d7df68e77/98A14A45856422D571CDEA18737E156B89D4C85FE7A2C03E353274FC83996DE200.blob?sv=2019-07-07&sr=b&si=1&sig=xMY2P2fF6bWoxHZVJX%2FyfM%2F0Ik2ufssOkny8X6YnEeM%3D&spr=https&se=2023-09-27T10%3A35%3A46Z&rscl=x-e2eid-689f9e7d-d7644980-83eadf42-c03304ac-session-f095e454-3ae44686-80be44a9-298159b3 https://sun6-21.userapi.com/c909628/u52355237/docs/d56/ab101ef5beac/RisePro_0_7_8d3TUvJJlkW1iIngb5qf_vmp.bmp?extra=ZOXPOSW0IxHOWYqkjWyZXr8cgzuoW95hdG2r4vF9D6YG_du5sSp1YX3pkfRNGjA0ajCaIuGdJ19tIYsn3UKC157Rc3AG2UZcSJdY0Gwg_yy5VyTqT-7hebVIpz7wbLIi9CqXN6qga6tYbQlE https://vk.com/doc52355237_666156647?hash=soiQyJe1KH2s4Y7XAaoUY5Zz99BkiuoKspLIFPkBkUo&dl=MRFY1lxcKPt1QoXMyjDB3nc0s3RLiVvd2s1W7PlXJXk&api=1&no_preview=1#centr https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe - rule_id: 36716	101 Info neuralshit.net(104.21.6.10) - malware db-ip.com(172.67.75.166) telegram.org(149.154.167.99) t.me(149.154.167.99) - mailcious ipinfo.io(34.117.59.81) sun6-23.userapi.com(95.142.206.3) iplogger.org(148.251.234.83) - mailcious dzen.ru(62.217.160.2) preconcert.pw(172.67.197.101) - malware 66d5b9b8-6848-4a0c-a11d-976f4246433c.uuid.окрф.рф() psv4.userapi.com(87.240.137.140) api.2ip.ua(162.0.217.254) steamcommunity.com(104.76.78.101) - mailcious wahaaudit.ps(213.6.54.58) - malware z.nnnaajjjgc.com(156.236.72.121) - malware twitter.com(104.244.42.1) msdl.microsoft.com(204.79.197.219) christopherantonio.top(46.173.215.72) - malware octocrabs.com(172.67.200.10) - mailcious sun6-21.userapi.com(95.142.206.1) - mailcious sso.passport.yandex.ru(213.180.204.24) 230404015907217.ism.wity21.info() yandex.ru(77.88.55.60) xsk295c2.beget.tech(87.236.19.185) - mailcious sun6-20.userapi.com(95.142.206.0) - mailcious ji.alie3ksgbb.com(172.67.200.102) - mailcious iplogger.com(148.251.234.93) - mailcious zexeq.com(84.224.216.79) - malware api.db-ip.com(172.67.75.166) vsblobprodscussu5shard58.blob.core.windows.net(20.150.79.68) vsblobprodscussu5shard10.blob.core.windows.net(20.150.79.68) colisumy.com(84.224.216.79) - malware bryanzachary.top(46.173.215.72) - mailcious iplis.ru(148.251.234.93) - mailcious hugersi.com(91.215.85.147) - malware sun6-22.userapi.com(95.142.206.2) www.maxmind.com(104.18.145.235) vk.com(93.186.225.194) - mailcious api.myip.com(172.67.75.163) fc.ftimedica.com(45.130.231.6) - malware 146.59.10.173 194.169.175.128 - mailcious 104.18.145.235 45.130.231.6 - malware 116.202.182.4 148.251.234.93 - mailcious 176.123.4.46 87.240.129.133 - mailcious 20.150.70.36 62.217.160.2 5.42.65.101 - mailcious 87.236.19.185 - mailcious 2.180.10.7 172.67.200.102 149.154.167.99 - mailcious 193.42.32.118 - mailcious 61.111.58.34 - malware 172.67.75.166 172.67.75.163 213.6.54.58 - malware 204.79.197.219 31.41.244.27 - mailcious 46.173.215.72 - mailcious 171.22.28.208 - malware 87.240.132.72 - mailcious 162.0.217.254 45.129.14.83 - malware 104.21.21.189 84.224.216.79 77.88.55.60 148.251.234.83 104.26.8.59 104.21.6.10 - malware 104.21.90.117 - malware 213.180.204.24 104.21.84.222 - malware 95.214.25.235 171.22.28.222 - malware 34.117.59.81 20.150.38.228 45.9.74.80 - malware 194.169.175.232 - malware 87.240.190.89 176.123.9.142 - mailcious 94.142.138.113 - mailcious 185.225.73.32 - mailcious 156.236.72.121 - mailcious 45.15.156.229 - mailcious 104.26.9.59 95.142.206.3 95.142.206.2 95.142.206.1 - mailcious 95.142.206.0 - mailcious 91.215.85.147 - malware 104.244.42.193 - suspicious 87.240.132.78 - mailcious 185.225.74.51 - mailcious 23.32.56.72 77.91.68.239 - malware 104.76.78.101 - mailcious 94.142.138.131 - mailcious	46 Info ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET) ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Download from dotted-quad Host ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io) SURICATA Applayer Mismatch protocol both directions ET DNS Query to a .pw domain - Likely Hostile ET DNS Query to a .top domain - Likely Hostile ET MALWARE Single char EXE direct download likely trojan (multiple families) ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 ET INFO HTTP Request to a *.top domain ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com) ET HUNTING Suspicious services.exe in URI ET DROP Spamhaus DROP Listed Traffic Inbound group 7 ET HUNTING Possible EXE Download From Suspicious TLD ET INFO TLS Handshake Failure ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI) ET POLICY IP Check Domain (iplogger .org in TLS SNI) ET POLICY External IP Address Lookup DNS Query (2ip .ua) ET INFO Microsoft net.tcp Connection Initialization Activity ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound) ET DROP Spamhaus DROP Listed Traffic Inbound group 1 ET MALWARE Redline Stealer Activity (Response) ET MALWARE Redline Stealer TCP CnC Activity ET MALWARE Redline Stealer TCP CnC - Id1Response ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP) ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration) ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key ET MALWARE Win32/Filecoder.STOP Variant Public Key Download ET POLICY IP Check Domain (iplogger .org in DNS Lookup) ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity) ET MALWARE Potential Dridex.Maldoc Minimal Executable Request ET MALWARE Win32/Vodkagats Loader Requesting Payload ET INFO Observed Telegram Domain (t .me in TLS SNI) ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) SURICATA TLS invalid record type SURICATA TLS invalid record/traffic ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET INFO Dotted Quad Host ZIP Request	25 Info http://hugersi.com/dl/6523.exe http://171.22.28.208/download/WWW14_64.exe http://ji.alie3ksgbb.com/m/esgla2i5.exe http://zexeq.com/test2/get.php http://christopherantonio.top/calc2.exe http://colisumy.com/dl/build2.exe http://45.9.74.80/super.exe http://45.15.156.229/api/tracemap.php http://194.169.175.232/autorun.exe http://fc.ftimedica.com/netTime.exe http://45.15.156.229/api/firegate.php http://zexeq.com/files/1/build3.exe http://94.142.138.113/api/tracemap.php http://94.142.138.131/api/firegate.php http://bryanzachary.top/e9c345fc99a4e67e.php http://45.9.74.80/harbar.exe http://171.22.28.222/3.exe http://94.142.138.131/api/tracemap.php http://193.42.32.118/api/tracemap.php http://171.22.28.208/download/Services.exe http://94.142.138.113/api/firegate.php http://77.91.68.239/wase/zor40.exe http://193.42.32.118/api/firecom.php https://preconcert.pw/setup294.exe https://octocrabs.com/7725eaa6592c80f8124e769b4e8a07f7.exe	6.0	M		ZeroCERT

8224	2023-09-26 18:46	executeInstall - Copy.js fcb124a08ae0351cab33214c2eda395f VirusTotal Malware DNS crashed		1			2.6		9	ZeroCERT

8225	2023-09-26 18:32	temp.js 98647908b75a0485ad44a786e5967aa4 VirusTotal Malware DNS crashed	1 Keyword trend analysis	1			2.6		8	ZeroCERT

8226	2023-09-26 18:19	neverban_zBbnJe.vbs 08cbb6ece8ee6238c20a24691b0c6855 VirusTotal Malware wscript.exe payload download DNS	1 Keyword trend analysis	1			2.4		10	ZeroCERT

8227	2023-09-26 18:18	neverban_vrkvQj.vbs e2bcfd5fd4c45b3f95e7e9144f7495c6 [C] All Process AntiDebug AntiVM Malware download VirusTotal Malware Code Injection WMI wscript.exe payload download Windows utilities suspicious process WriteConsoleW DarkGate Windows ComputerName DNS Downloader	1 Keyword trend analysis	1	1	1	7.0	M	4	ZeroCERT

8228	2023-09-26 18:18	neverban_pvLGjZ.vbs 457f92980b658c7332928d72faff99a9 [C] All Process AntiDebug AntiVM Malware download Malware Code Injection WMI wscript.exe payload download Windows utilities suspicious process WriteConsoleW DarkGate Windows ComputerName DNS Downloader	2 Keyword trend analysis	1	1	1	6.6			ZeroCERT

8229	2023-09-26 18:11	neverban_LnyakY.pdf 09e70e63dd0480ee79a5e0ee664abce8 PDF ZIP Format Windows utilities Windows	5 Keyword trend analysis Info http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip				1.4			ZeroCERT

8230	2023-09-26 18:09	neverban_LRKOPK.vbs 457f92980b658c7332928d72faff99a9 [C] All Process AntiDebug AntiVM Malware download Malware Code Injection WMI wscript.exe payload download Windows utilities suspicious process WriteConsoleW DarkGate Windows ComputerName DNS Downloader	1 Keyword trend analysis	1	1		6.6			ZeroCERT

8231	2023-09-26 18:08	neverban_FFNTdW.vbs 1769260da8b9bd86d94598a926e93bb5 [C] All Process AntiDebug AntiVM Malware download VirusTotal Malware Code Injection WMI wscript.exe payload download Windows utilities suspicious process WriteConsoleW DarkGate Windows ComputerName DNS Downloader	1 Keyword trend analysis	1	1		7.0		4	ZeroCERT

8232	2023-09-26 18:05	neverban_COifEs.vbs e2bcfd5fd4c45b3f95e7e9144f7495c6 [C] All Process AntiDebug AntiVM Malware download VirusTotal Malware Code Injection WMI wscript.exe payload download Windows utilities suspicious process WriteConsoleW DarkGate Windows ComputerName DNS Downloader	1 Keyword trend analysis	1	1	1	7.0	M	4	ZeroCERT

8233	2023-09-26 18:05	neverban_dWMkPE.vbs 1bd0900f5c260ec597662cbcdb396d4a VirusTotal Malware wscript.exe payload download DNS	2 Keyword trend analysis	1		1	2.2		5	ZeroCERT

8234	2023-09-26 18:05	login_qYxkKH.vbs 17ad01cded9cce9be82081ad7f0f599a VirusTotal Malware wscript.exe payload download DNS	2 Keyword trend analysis	1		1	2.2		5	ZeroCERT

8235	2023-09-26 17:52	1.exe 0ad6deed1fc88623c70e2c9ee906dbb1 Malicious Library UPX Malicious Packer PE File PE32 OS Processor Check GIF Format Lnk Format PNG Format VirusTotal Malware Creates shortcut Creates executable files unpack itself sandbox evasion installed browsers check Browser ComputerName					3.2	M	41	ZeroCERT